Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VoIP b/t subnets - audio problems

    NAT
    3
    5
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SpaceBass
      last edited by

      Hey folks,
      Recent convert from a linux based system and I'm having some issues with a VoIP setup.

      My voip server, Asterisk, is on my lan, along with my hard-wired voip phones.

      I have opt2 setup as a wlan with an open AP (no security) for some WiFi phones that don't support WPA.

      I created a virtual IP (10.1.2.40) on opt2 and a 1:1 nat to the VoIP server (10.1.1.40). There are, for the sake of testing, two rules that allow both wifi phones to pass any proto on any port to the asterisk server (10.1.1.40).

      Nevertheless I'm still having issues. If I call from the LAN (hardwired voip phone) to the wifi phone on opt2 I get 2 way audio. If I call from the WiFi phones I get no audio.

      Audio, fyi, travels on UDP b/t ports 10,000 - 20,000 .

      Anyone have any suggestions?

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        Search the forum for the static port option.  It fixes the problem 99% of the times.

        1 Reply Last reply Reply Quote 0
        • S
          SpaceBass
          last edited by

          Thanks for the tip!
          I've been reading up and I guess I'm still missing something.

          I've tried creating two outbound nat rules:

          WAN    10.1.2.70/32  any port, any destination, any nat
          static port =YES
          LAN 10.1.4.70/32  any port, any destination, any nat
          static port =YES

          where 10.1.2.70 is the wifi phone on opt2
          and  10.1.1.40 is the Asterisk PBX on LAN

          still only getting audio in one direction.

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            NAT is making problems with a lot of VOIP implementations as long as you don't have any kind of proxy or STUN server. I would suggest setting this up without NAT and simply route between OPT and LAN. If you want to add some security to your unsecured accesspoint enable captive portal at the ap interface and add the macasresses of your voipphones as passthrough macs.

            1 Reply Last reply Reply Quote 0
            • S
              SpaceBass
              last edited by

              @hoba:

              NAT is making problems with a lot of VOIP implementations as long as you don't have any kind of proxy or STUN server. I would suggest setting this up without NAT and simply route between OPT and LAN. If you want to add some security to your unsecured accesspoint enable captive portal at the ap interface and add the macasresses of your voipphones as passthrough macs.

              Thanks for the suggestions!
              Unfortunately captive portal just isn't secure enough, it would be trivial to spoof the MAC and gain access.
              I'll keep playing and see what I can come up with. I still think there might be a solution with static ports, just need to figure out how that works.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.